Manager of Security Engineering
Manager of Security Engineering
Location: Salt Lake City, UT
Manager of Security Engineering will provide technical leadership and oversee the design, development and deployment of security centric software built by the Security Engineering team to deliver effective cybersecurity software and orchestration. Provide career development and mentoring for security engineering team, provide technical guidance and personnel leadership, and work effectively with peer groups in Security Operations, Network Engineering and Operations, R&D, and System Engineering. Act as a member of the Trust Office management team to shape the direction of our Security Programs and prioritize the work activities of the Security Engineering team.
Develop security control automation software to reduce our attack surface, proactively discover vulnerabilities, and reduce response and recovery times. Optimize security tool deployments and introduce scalable remediation processes across multiple engineering and operation teams. Develop governance and procedures to secure coding practices within the software development lifecycle and augment Development Security Operations (DevSecOps) program with subject matter expertise. Contribute and collaborate with other Trust Office team members across the broad spectrum of Cybersecurity programs, such as Security Operation Center, Threat & Vulnerability Management, and Compliance.
This role is responsible for managing and leading the development, sustainment, and operational alignment of the Security Engineering team; coordinating with companywide engineering and architecture teams are instrumental in building tailored and innovative security software to enhance enterprise cybersecurity.
- Provide technical leadership for team members and colleagues to enable effective and timely delivery of security designs, solutions, tools, practices, and processes across the enterprise.
- Facilitate effective design, development and delivery of technical security solutions that consistently meet industry standards and user requirements.
- Plan, oversee and participate in projects related to all security disciplines, including, but not limited to:o Architecture design reviews and infrastructure hardening efforts.o Application security assessments and SDLC process improvements.
- Build internal applications and procure tools to discover, evaluate and mitigate security vulnerabilities during development and in production.
- Perform deep analysis of systems to understand limitations and weaknesses to identify cybersecurity challenges.
- Stay current on industry developments to identify emerging security technologies, risks and trends to ensure our systems keep pace with security technology and risk landscape evolution.
- Identify opportunities for efficiencies, as well as for improvements in security controls while leading the design and implementation of related improvements.
- Demonstrate technical project management skills, and the capabilities to organize and track own work, and the work of others.
- Maintain the highest level of personal certification, integrity and objectivity, following the company Code of Ethics and NICE inContact policies and procedures at all times.
- Bachelor’s degree in Computer science, business information systems, Information Systems Security or related field or equivalent work experience required.
- 8+ years of hands-on experience in cybersecurity, networking, software engineering, and/or systems administration
- 3+ years of engineering management experience, directly managing a team of software/security engineers
- Strong understanding of, and experience with, the full-range of software development lifecycle disciplines. This includes:
- ELK Stack
- API integration with:
- Web Application scanners
- Code Inspection software
- Security Information and Event Management platforms
- Endpoint Detection and Response platforms
- Data Loss Prevention software
- A strong bias towards automation and innovative thinking
- Experience with, and strong knowledge of, modern systems engineering tools, architecture, technologies and best practices
- Extensive experience programming in Python, Angular, C#, .NET, PHP, or similar languages
- Knowledge of web application security principles and experience securing modern, large-scale web environments
- The ability to build cross-functional partnerships with teams outside of security to accomplish security objectives, improve awareness and gain stakeholder buy-in
- Experience with customer identity, security and data privacy, and standards and technical protocol implementations are critical
- Excellent communication skills, both written and oral
- Certifications in information security or related field (one or more preferred):
- AWS Certified Developer
- Certified DevSecOps Engineer
- Experience managing a team of direct and indirect reports in multiple geographic locations.
- Extensive experience engineering applications on top of cloud IaaS environments
- Working knowledge of runtime application self-protection and security automation controls within the SDLC
ABOUT NICE inContact: NICE inContact makes it easy and affordable for organizations around the globe to provide exceptional customer experiences while meeting key business metrics. NICE inContact provides the world’s #1 cloud customer experience platform, NICE inContact CXone™, combining best-in-class Omnichannel Routing, Workforce Optimization, Analytics, Automation and Artificial Intelligence on an Open Cloud Foundation. NICE inContact is a part of NICE (Nasdaq: NICE), the worldwide leading provider of both cloud and on-premises enterprise software solutions.
NICE is committed to provide an environment based on equal opportunity for all qualified applicants and employees. It is the policy of NICE to afford equal employment opportunities to qualified individuals, regardless of age, race, color, creed, religion, citizenship, ancestry, national origin, sex, gender, pregnancy, mental or physical disability, marital status, veteran status, service in the Armed Forces, sexual or affectional orientation, atypical hereditary cellular or blood traits, genetic information, status as a victim of domestic or sexual violence, and/or any other status protected by any applicable federal, state and/or local statute or regulation.